template: do not escape & in “cmd”

2025-12-23 18:50:46 +01:00 · 2025-01-14 09:13:52 -07:00
parent 358dbe7e0b
commit a5f66c6e80
1 changed files with 2 additions and 2 deletions
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -54,7 +54,7 @@ get_arg_name() {

 parse_arg_value() {
    # Parses the value after = and then escapes back/forward slashes and single quotes in it. -- cwells
-    echo "${1}" | sed -E 's/[^=]+=?//' | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/'\''/'\''\\'\'\''/g' -e 's/&/\\&/g'
+    echo "${1}" | sed -E 's/[^=]+=?//' | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/'\''/'\''\\'\'\''/g' -e 's/\\\&/\&/g'
 }

 get_arg_value() {
@@ -299,7 +299,7 @@ for _jail in ${JAILS}; do
                    ;;
                cmd)
                    # Escape single-quotes in the command being executed. -- cwells
-                    _args=$(echo "${_args}" | sed "s/'/'\\\\''/g" | sed 's/&/\\&/g')
+                    _args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
                    # Allow redirection within the jail. -- cwells
                    _args="sh -c '${_args}'"
                    ;;